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Foreword 



This Technical Specification (TS) has been produced by ETSI Project Pay Terminal and Systems (PTS). 

Version 1.1.1 of TS 101 206-4 is an equivalent of the original handover version to CEN for becoming EN 726-4, but is 
not published by ETSI. 

Version 1 .2. 1 of ETSI TS 101 206-3, 4 and 7 represent an update of the documents handed over to CEN for becoming 
EN 726-3, 4, and 7. PTS has used version 1.2.1 rather than the original handover version to CEN (version 1.1.1) for 
producing the conformance testing specifications for CEN EN 726-3, 4 and 7 (CEN prEN 13343/4/5). Version 1.2.1 is 
published by ETSI and has since been handed over to CEN for the update process of EN 726, to give a consistent set of 
standards and conformance testing specifications in CEN. Once published by CEN as an EN, ETSI will withdraw these 
TSs. 

Versions 1.3.x onwards of ETSI TSs had been produced by PTS for working use within ETSI. These are not a copy of 
any CEN published EN. These ETSI TSs incorporate change requests accepted by PTS at the time of publication. The 
intention is that these documents can be used for the update of EN 726 within CEN at some time in the future. These 
ETSI TSs may not match the CEN published conformance testing specifications for EN 726 (prEN 13343/4/5). Update 
of the CEN conformance testing specifications will need to be considered when these ETSI TSs (versions 1.3.x 
onwards) are handed over to CEN. 

History of EN 726 

CEN EN 726 was prepared by ETSI STC TE9 (at present PTS), adopted by CEN/TC 224 and submitted to the 
CEN formal vote. EN 726 consists of seven parts covering Identification card systems; Telecommunications IC cards 
and terminals; as identified below: 

Parti: "System overview"; 

Part 2: "Security framework"; 

Part 3: "Application independent card requirements"; 

Part 4: "Application independent card related terminal requirements"; 

Part 5: "Payment methods"; 

Part 6: "Telecommunication features"; 

Part 7: "Security module". 
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ETSI deliverables on EN 726 family 



TS 101 206-3 


"Identification card systems; Telecommunications IC cards and terminals; 
Part 3: Application independent card requirements". 


TS 101 206-4 


"Identification card systems; Telecommunications IC cards and terminals; 
Part 4: Application independent card related terminal requirements". 


TS 101 206-7 


"Identification card systems; Telecommunications IC cards and terminals; 
Part 7: Security module". 



ETSI deliverables on EN 726 conformance testing family 



TS 101 203-1/2/3 


"Identification card systems; Telecommunications IC cards and terminals; 
Test methods and conformance testing for EN 726-3". (prEN 13343) 


TS 101 204-1/2/3 


"Identification card systems; Telecommunications IC cards and terminals; 
Test methods and conformance testing for EN 726-4". (prEN 13344) 


TS 101 207-1/2/3 


"Identification card systems; Telecommunications IC cards and terminals; 
Test methods and conformance testing for EN 726-7". (prEN 13345) 
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1 Scope 



The present document specifies the application independent card related characteristics of card terminals able to process 
cards complying with TS 101 206-3 [1]. All common characteristics which are necessary for a standardized card use in 
the terminals are defined. The present document does not preclude letting terminals accept and process cards complying 
with other standards. 

The application-specific characteristics are not defined in the present document. They are defined and described in the 
relevant application requirements. 

The present document does not specify any internal realization of a card-terminal. It describes: 

a) the requirements for the physical and environmental specifications on the card terminal, the electronic signals and 
transmission protocols; 

b) the application independent logical model, which should be used as a basic design of the logical structure of card 
specific requirements supported by the terminal; 

c) the description of the application independent functions and general scenarios to be used by most of the 
applications; 

d) the error handling. 



References 



The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication, edition number, version number, etc.) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

• A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the same 
number. 

[1] TS 101 206-3: "Identification card systems; Telecommunications IC cards and terminals; Part 3: 

Application independent card requirements". 

[2] TS 101 206-7: "Identification card systems; Telecommunications IC cards and terminals; Part 7: 

Security module". 

[3] EN 27816-1 (1989): "Identification cards - Integrated circuit(s) with cards contacts - 

Part 1: Physical characteristics". 

[4] EN 27816-2 (1989): "Identification cards - Integrated circuit(s) cards with contacts - 

Part 2: Dimensions and location of the contacts". 

[5] EN 27816-3 (1989): "Identification cards - Integrated circuit(s) cards with contacts - 

Part 3: Electronic signals and transmission protocols". 

[6] EN 27816-3 (1992/A1:1993) and ISO/IEC 7816-3 (1989/AM 1:1992): "Identification cards - 

Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols - 
Amendement 1: Protocol type T = 1, asynchronous half duplex block transmission protocol". 

[7] ISO/IEC 646 (1991): "Information processing - ISO 7-bit coded character set for information 

interchange". 

[8] CCITT Recommendation T.50 (1988): "International alphabet n°5". 
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[9] ISO/IEC 7816-3 (1997): "Identification cards - Integrated circuit(s) cards with contacts 

Part 3: Electronic signals and transmission protocols". 



3 Definitions, abbreviations, symbols 

3.1 Definitions 

For the purposes of the present document, the following terms and definitions apply: 

Access Conditions (AC): a set of security attributes associated to a file. 

Elementary File (EF): a file containing AC, data or program. It can not be the parent of another file. 

EF(-.jjy is an elementary file containing the Card Holder Verification (CHV) information. 

EFpjjf is an elementary file at the MF or at DF level, which contains a list of all, or part of, available applications in 
the card. 

EFjp is an elementary file at the MF level, containing the identification number of the card. 

EFjQ is an elementary file at the MF level, containing general information concerning the Integrated Circuit (IC). 

EF|^£Y is an elementary file containing keys linked to the AC. 

InterFace Device (IFD): a terminal, communication device or machine to which the IC card is electrically connected 
during a session. 

Master File (MF): the mandatory unique file representing the root of the file structure and containing AC and allocable 
memory. It may be the parent of elementary files and/or dedicated files. 

nibble: half a byte. The most significant nibble of a byte consists of bits bgb7bgb5 and the least significant of bits 

3.2 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 

AC Access Condition 

ATR Answer To Reset 

BCD Binary Coded Decimal 

CEN Comite Europeen de Normalization 

CHV Card Holder Verification 

EF Elementary File 

IC Integrated Circuit 

IFD InterFace Device 

ME Mobile Equipment or portable battery operated equipment 

MF Master File 

PIN Personal Identification Number 

SM Security Module 

STC ETSI Technical Sub-Committee 

TC Technical Committee 

TE9 Terminal Equipment 9 (Technical Sub-Committee, STC, of ETSI) 
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3.3 Symbols 

For the purposes of the present document, the following symbols apply: 

N Newton 

^CC Supply Voltage 

Vpp Programming Voltage 



4 Physical requirements for the card terminal 

4.1 Mechanical interface between the IFD and the IC card 

The mechanical interface between the Integrated Circuit card (IC card) and the InterFace Device (IFD) shall be in 
accordance with EN 27816-1 [3] and EN 27816-2 [4]. 

If the IFD accepts ID-1 cards with embossing, then the embossing shall be on the same side as the contacts. If the IFD 
supports IC cards combined with a magnetic stripe, the magnetic tracks shall always be on the opposite side of the 
contacts. 



4.2 Contacting of the IC card 



No short circuit or damage to the card or IFD shall take place when inserting or removing the card, even when it is 
pulled out with a speed < 1 m/s. Activation and deactivation of the contacts shall be in accordance with EN 27816-3 [5] 
and ISO/IEC 7816-3 [6]. 

No short circuit between any contacting elements in the terminal shall prevent normal operation of the terminal when 
removed. 

The shape and the material of the contacting elements shall be such that no damage to the card is caused by them when 
applied to it. 

The contact force of the contacting elements shall be large enough to ensure contact, even in extreme environmental 
conditions (e.g. shocks or vibrations) which can be application dependent. 

However, under no circumstances shall the contact force be greater than 0,5 N per contact. 

The shape of the contacts and the way of contacting shall be done in such a way that even polluted cards are contacted 
properly. 

4.3 User/terminal interface 

The method of inserting the card shall be by the short side first, where the contacts are situated, preferably with the 
contacts upwards. Therefore, for public terminals, a clear and unambiguous indication shall be given to the user to 
indicate the correct orientation for inserting the card. 

The card shall always be accessible to the user. 

Physical removal of the card at any time however, shall not leave the applications in the terminal in an invalid or 
unknown logical state. 

NOTE: During write operations on the card, especially in the case of management operations, a clear indication 
shall be given to the user, not to remove his card from the terminal. 

4.4 Magnetic stripe card reader 

A combination with a magnetic stripe card reader function is optional. 
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4.5 Card Holder Verification (CHV) module 

If required, a CHV module can be integrated in the terminal. This module shall allow the user to proof his/her identity 
by entering his/her CHV number and/or biometric information. 

In case of a CHV-entry, the CHV may be entered on the keypad/keyboard of the card terminal or by means of a separate 
and secure PIN-pad. 

Depending on the application, the CHV-entry may be numerical or alphanumeric. For telecommunication applications 
the CHV-data shall be coded in accordance with CCITT Recommendation T.50 [8] or ISO/IEC 646 [7]. If alphanumeric 
CHV-entry has to be performed, only terminals with a keyboard shall be used. In case of numerical CHV-entry, both 
keyboard and keypad (up to 12 numerical push buttons) can be used. 

For public terminals the terminal shall be designed so that CHV entry cannot be easily observed. 

The plain text CHV shall never leave the terminal, except when it is presented to the card. 

4.6 Acceptance of memory cards 

Terminals accepting memory cards are not excluded by the present document. 



5 Electronic signals and transmission protocols 

The electronic signals and asynchronous transmission protocols between the IFD and the IC card shall be in accordance 
with EN 27816-3 [6] and ISO/IEC 7816-3 [6]. IC cards conforming to the present document shall not be damaged. 

The following, additional, requirements shall be applied in order to have simplified terminals and to ensure a proper 
operation in mobile equipment or portable battery operated equipment (ME) except for the supply current which is to be 
used in stationary equipment as well. 

5.1 Supported transmission types 

For the IFD, two types of transmission shall be considered: 

a) the asynchronous transmission, used by the IC cards, with the possibility of having cards; 

b) with an internal or external clock; 

c) the synchronous transmission used by the memory cards. 

Therefore, the IFD shall support the different types of reset behaviour for the cards using asynchronous transmission 
(see EN 27816-3 [5], clause 5 and subclause 6.1). 

The IFD may support the reset procedure for the cards using synchronous transmission (see EN 27816-3 [5], clause 5 
and subclause 6.2). If the IFD supports synchronous cards, the conditions for an asynchronous IC card shall be applied 
first. 

The terminal shall support at least one of the protocols described in EN 27816-3 [5]. 



5.2 Supply voltage Vcc 



According to the value given in EN 27816-3 and ISO/IEC 7816-3 [6] except for mobile equipment where the supply 
voltage Vqq shall be 5 V + 10 %. The IFD may support a supply voltage of 3 V + 10 % according to [9]. 



ETSI 



10 TS 101 206-4 VI .3.1 (1998-12) 



5.3 Supply current 



The terminal shall be able to supply at least 20 mA to the IC card. In portable battery operated equipment, the supply 
current shall be at least 10 mA. 

Due to technology, spikes in the supply current can occur, the amplitude of which can be several times the average 
current. The power supply shall be able to counteract spikes up to a maximum charge of 40 nAs with no more than 
400 ns duration and an amplitude of at most 200 mA. 



5.4 Programming voltage 



For card terminals accepting European telecommunication cards, the Vpp contact shall supply the same voltage as the 
V(^(;; contact (see also TS 101 206-3 [1], subclause 5.3). 

If the IFD also supports memory cards, then different values for the programming voltage, in accordance with 
EN 27816-3 and ISO/IEC 7816-3 [6] shall be allowed. 



5.5 Duty cycle 



According to the values given in EN 27816-3 and ISO/IEC 7816-3 [6] except for mobile equipment where the duty 
cycle for asynchronous transmissions shall be taken between 40 % and 60 % (see also TS 101 206-3 [1], subclause 5.4). 

5.6 Guard time 

According to the values given in EN 27816-3 and ISO/IEC 7816-3 [6], except for mobile equipment where the guard 
time shall be in accordance with the definitions for guard time in TS 101 206-3 [1], subclause 5.5. 



6 Security facilities 



The security facilities, from the terminal point of view, are completely based on the security facilities defined for the 
IC card. As defined in TS 101 206-3 [1], clause 7, for each possible action, there are Access Conditions (AC) defined in 
the IC card. 

The only exception concerns the internal authentication feature, where the card has to prove its authenticity to the 
terminal. In this case, it shall be the terminal that decides. 

NOTE: It is recognized that it could be necessary to encrypt not only the data, but also the header of a command 
or a part of it. 



6.1 Security Module (SM) 



Depending upon the security policy, defined for the complete card system and the various applications using it, there are 
two possibilities to fulfil these requirements. These are stated in subclauses 6.1.1 and 6. 1 .2 of the present document. 
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6.1.1 Using a SM in the terminal 




Terminal 
(Local equipment] 




SM 



Figure 1 : Off-line environment 

The use of a SM, in the terminal or in the local equipment, may be necessary in an off-line environment (see figure 1) 
when secret key algorithms are used to fulfil the security policy. See TS 101 206-7 [2] for a description of the SM. 

NOTE: Local equipment could be, for example a payphone connecting unit which is part of the subscriber line but 
which resides in the exchange which is a secure environment. The SM may therefore reside in the local 
equipment or in a remote location. 

6.1.2 No SM in tine terminal 



Card 




Terminal 




Host 







Figure 2: On-line environment 

There is no need for a SM inside the terminal in a complete on-line environment (see figure 2). 

7 Description of the functions 

Refer to TS 101 206-3 [1], clause 8, for the description of the functions. 

Not all the functions, possible in the IC card, need be supported in the terminal. 
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Commands 



Refer to TS 101 206-3 [1] for the following items: 

a) the mapping principles (subclause 9.1); 

b) the coding of the commands for the byte protocol (T=0) or the block protocol (T=l) (subclause 9.2); 

c) the Access Condition (AC) coding (subclause 9.5); 

d) the coding of the contents of EFj-^j^y and EFj^y (subclauses 10.1, 10.6 and 10.7); 

e) the coding of the error conditions returned by the IC card (subclause 9.4). 

Not all commands, possibly supported by the IC card, need be available in the terminal. 

In all cases, the terminal-side of an application is the master in the IFD-IC card relation. 

The terminal shall at minimum be able to distinguish between status responses from the card indicating successful and 
unsuccessful completion of the command. An unrecognized status response shall be treated as unsuccessful completion 
of the command. 
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Error handling 



The error recovery procedures at the transport level, as stated in EN 27816-3 and ISO/IEC 7816-3 [6], shall be 
supported. 

Unrecoverable errors should be signalled to the user. For terminals having alphanumeric displays, the error cause should 
be displayed in plain text (see table 1). Any unrecognized response or error response for which no other text is defined 
shall cause the message "Card malfunction, contact application provider" to be displayed. 

Table 1 



Error conditions 


Text displayed 


SW1 


SW2 


98 


40 


Card blocked, contact application provider 


98 


04 


Wrong CHV, X remaining attempts (note). 

(This text should only be displayed after a command which involves 
presentation of a CHV, i.e. CHANGE, DISABLE, ENABLE, UNBLOCK 
or VERIFY CHV.) 


NOTE: When a wrong CHV was presented, displaying tlie remaining CHV-attempts should be optional. 

The remaining attempts shall be available after requesting the status of the corresponding EFp.nv . 



1 Functional requirements of the card terminal 

10.1 Language for display messages 

For public telecommunication terminals, at least 2 languages shall be supported, one of which should be English (for 
language selection, see subclause 10.3.5). 

10.2 Display messages 

There should be a set of basic messages, common to all public terminals, for user guidance. For example: 

a) insert your card; 

b) remove your card; 

c) card refused (i.e. invalid, locked); 

d) re-insert the card (i.e. after a recovered malfunction); 

e) enter your Card Holder Verification number (CHV); 

f) wrong Card Holder Verification number (CHV); 

g) enter your old Card Holder Verification number (CHV); 
h) re-enter Card Holder Verification number (CHV); 

i) service locked; 
j) service not available; 
k) terminal out of service. 
The user shall have the possibility to suppress the displaying of user related data. 
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10.3 Basic operations 

1 0.3.1 Removal of the card 

When the card is removed, all data related to the card within the terminal shall be erased, except for the data relevant to 
the transaction record in the terminal. 

10.3.2 Escape possibility 

At any time, the user at the terminal shall have the possibility to abort the current operation. The terminal shall reject the 
card and return to the idle state. 

10.3.3 CHV-entry 

During the entering of the CHV (between 4 and 8 characters), an indication of the number of characters entered should 
be visualized. However, the values of the entered CHV shall not be displayed in plain text nor be disclosed by audible 
feedback. 

The length of a CHV, presented to the IC card, shall be 8 bytes as defined in TS 101 206-3 [1], subclause 9.2.16. 
Therefore, an end-of-CHV character shall be entered by the user, to denote the end of the CHV-entry when the length of 
the entered CHV is shorter than 8 characters (for telecommunication terminals, this end-of-CHV character could be '#'). 

The terminal shall present the CHV in the requested format to the card: 

a) 8-bytes long, containing the entered CHV; 

b) left aligned; 

c) padded at the right with binary 1 . 

Padded with binary 1 means that for the remaining bytes, or nibbles in case of a BCD-coded CHV, every bit shall be set 
to one. 

When an enciphered CHV is required, the padding with binary 1, shall be done before the encipherment of the CHV. 

For telecommunication applications, the CHV-data shall be coded in accordance with CCITT Recommendation T.50 [8] 
or ISO/IEC 646 [7], reserving 1 byte per CHV-character as in figure 3. 

In all representations the leftmost bit represents the most significant bit while the rightmost bit represents the least 
significant bit of the least significant byte. 



b8 



bl 



b8 



bl 



Byte 1 


2 


3 


4 


5 


6 


7 


byte 8 



CHV-Char 1 CHV-char 8 

Figure 3: Coding in accordance with CCITT Recommendation T.50 [8] 

For applications requiring a longer CHV, BCD coding is possible, reserving 1 nibble per CHV-character as in figure 4. 
b4 ... bl b4 ... bl 



nibble 1 



14 



15 



nibble 16 



CHV-Char 1 



CHV-char 16 



Figure 4: BCD coding 
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Care shall be taken to be consistent in using the right CHV-coding technique, once it is decided for a particular 
application which coding-technique shall be used. 

A possible scenario for CHV-entry is given in annex A. 

10.3.4 CHV-change 

The user should be able to change his CHV only at those terminals that fulfil the requirements for CHV-entry and if 
those terminals support the CHV-change function. 

To change the CHV, the old CHV should be entered first according to the procedure for CHV-entry 
(see subclause 10.3.3). Then, the new CHV shall be entered twice, also according the same procedure for CHV-entry. 
Only when the two entries of the new CHV match, shall the terminal activate the CHV-change in the card by sending the 
appropriate command to the card. 

When there is a difference between the two new CHVs, the operation shall be aborted and the user shall be notified that 
the CHV-change operation was not successful. In this case, his old CHV shall still be valid. 

A possible scenario for CHV-change is given in annex B. 

NOTE: CHV-entry and CHV-change: in case of a mistyped digit/character, during the entering of the CHV, at 
least the escape possibility described in subclause 10.3.2 can be used. More convenient functions, i.e. 
editing, could be implemented. 

10.3.5 Language choice/change 

The order for language preferences may be indicated in the Master File (MF) of the IC card. After the Answer To Reset 
(ATR), the terminal shall read the MF and shall compare the list of language preferences from the IC card with the list 
of language preferences in the terminal. The language with the highest preference in the card and which is also available 
in the terminal, shall be chosen. 

If there is no conformity in the list of language preferences from the terminal and the one from the IC card, or if there is 
no such list present in the MF of the IC card, then the language with the highest preference, as implemented in the 
terminal, shall be used. 

However, the user should have the possibility to change the language used on the terminal, at least once at the beginning 
of the card session. For example by means of: 

a) a special key; 

b) a menu. 

1 0.3.6 Selection of an application 

In a mono-application terminal, the required application shall be selected automatically. 

In a multi-application terminal, only the subset of the applications which are supported by both the terminal and the 
IC card, and which are not invalidated in the IC card, may be shown to the user. The possibility to show the complete 
directory may be supported by the terminal and should be preferred. 

The procedure to present this list of applications, is to read out the elementary file EFj-,jj^ at the MF level of the IC card. 
Out of the response of the card, only the verbal description (see TS 101 206-3 [1], subclause 6.3) of the relevant 
applications shall be displayed. 

The selection of an application from this list by the user, can be done by a function key or by choosing from a menu. For 
the applications which do not appear in the EFj-,jj^ at the MF level, it is up to the application part in the terminal to select 
the desired application in the card. 

The card expiry date, given in the elementary file EFjj-) at the MF level of the card, can be checked against the real time 
clock in the terminal/host. 
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10.4 Audio messages 

The user guidance may be supported by audio messages. 



At the end of the card session, the user should get an audio message, reminding the user to remove the card from the 
terminal. 
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Annex A (informative): 
A scenario for CHV-entry 
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Figure A.I 
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NOTE: CHV required in the scenario means that the CHV-entry is needed and enabled (if this option is available). 

Figure A.2 

The scenario for the Enable/Disable CHV feature, is almost the same as the scenario for the CHV-entry, except that in 
the beginning of the scenario, a check shall be included to see whether enabling/disabling of the CHV is allowed. 
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Annex B (informative): 

A scenario for CHV-change 
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Figure B.I 
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